Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

CVE-2025-64155: FortiSIEM Remote Unauthenticated Command Injection Vulnerability

Jan 15, 2026 By Andres Ramos In Arctic Wolf
On January 13, 2025, Fortinet released fixes for a critical-severity FortiSIEM vulnerability (CVE-2025-64155) that stems from improper neutralization of special elements used in OS commands within the phMonitor service (TCP/7900). An unauthenticated, remote threat actor can exploit this vulnerability via crafted TCP requests to execute unauthorized code or commands on affected systems.
Read Post
cato networks

Cato Networks Joins ISC2 as an Official CPE Partner

Jan 15, 2026 By Dave Greenfield In Cato Networks
Cato Networks’ SASE certification portfolio has taken a major step forward with Cato’s official recognition as an ISC2 Continuing Professional Education (CPE) Partner. ISC2 is one of the most trusted names in cybersecurity, representing more than 500,000 members worldwide. Their certifications are widely regarded as the benchmark for professional excellence in security.
Read Post
armo

What Is the Best Security for NGINX in Kubernetes? (Beyond Configuration)

Jan 15, 2026 By Jonathan Kaftzan In ARMO
The best security combines configuration controls (TLS, headers, network policies, pod security) with runtime behavioral monitoring that detects anomalies your configuration can’t see. Configuration creates the baseline—it defines what should happen. Runtime protection catches what gets through—it shows what is happening. You need both, but most teams only have the first.
Read Post

Episode 6 - Detecting DNS Covert Channels in the Wild (Part 2)

Jan 15, 2026 By Corelight In Corelight
In Episode 6 of Corelight DefeNDRs, we delve deeper into the fascinating world of DNS covert channels with Vern Paxson, our chief scientist and co-founder. Continuing from our previous discussion, Vern shares his insights on techniques developed to detect these stealthy channels utilized by intruders to evade security measures. We explore the innovative approach of leveraging time series analysis of DNS lookups, how to distinguish benign traffic from potential threats, and the real-world implications of our findings across significant datasets.
View Video
How to Protect Smart HVAC in Commercial Sites

How to Protect Smart HVAC in Commercial Sites

Jan 15, 2026 By SecuritySenses In SecuritySenses
Smart HVAC systems have become a core part of modern commercial buildings. But they also sit squarely on the front lines of digital risk. These systems connect to sensors, cloud dashboards, vendor portals, and building automation networks that attackers increasingly try to exploit. Protecting them takes more than checking a few security boxes. It requires a plan that mixes cybersecurity, mechanical expertise, and day to day operational discipline.
Read Post
Your Data Deserves a Fortress: Why Shared Hosting is a Security Gamble in 2026

Your Data Deserves a Fortress: Why Shared Hosting is a Security Gamble in 2026

Jan 14, 2026 By SecuritySenses In SecuritySenses
Cybersecurity is no longer just an IT concern; it is an existential issue for businesses of all sizes. Ransomware attacks, data breaches, and automated botnets do not discriminate between a multinational corporation and a local e-commerce store. While many business owners invest heavily in antivirus software and firewalls for their office laptops, they often overlook a glaring vulnerability: the infrastructure where their website and customer data actually live. Hosting your business on a shared server is akin to leaving your front door unlocked because you live in a "safe neighborhood." It works until it doesn't.
Read Post
Arctic Wolf

CVE-2025-25249: Remote Code Execution Vulnerability in FortiOS and FortiSwitchManager

Jan 13, 2026 By Julian Tuin In Arctic Wolf
On January 13, 2026, Fortinet released an advisory describing a high-severity remote code execution vulnerability affecting its FortiOS and FortiSwitchManager products. According to Fortinet, the vulnerability stems from a flaw in the CAPWAP Wireless Aggregate Controller Daemon and could allow an unauthenticated, remote threat actor to execute arbitrary code or commands. The vulnerability was discovered internally by Fortinet’s Product Security Team.
Read Post
Why Physical Infrastructure Still Matters in a Cyber World

Why Physical Infrastructure Still Matters in a Cyber World

Jan 13, 2026 By SecuritySenses In SecuritySenses
As organizations accelerate cloud adoption and digital transformation, it's tempting to think physical infrastructure is becoming less important. Software-defined networks, virtual machines, and remote access tools dominate security conversations. Yet the reality is more nuanced. Digital systems still rely on physical foundations, and when those foundations fail, even the most sophisticated cyber defenses can unravel.
Read Post

Cyber War is Already Here. CISOs Must Prepare for Cyber Conflict

Jan 12, 2026 By SafeBreach In SafeBreach
Cyber warfare isn’t coming—it’s already here. This conversation on The Cyber Resilience Brief dives into the Fifth Domain of Warfare—and why nation-state cyber activity should matter to every organization. From Russia’s chaos-driven campaigns to China’s long-game persistence, Iran’s retaliatory attacks, and North Korea’s financial theft—your network isn’t a bystander.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.